ABSTRACT



Authentication of a casino game data set is carried out within 
the casino game console using an authentication program 
stored in an unalterable ROM physically located within the 
casino game console. The casino game data set and a unique 
signature are stored in a mass storage device, which may 
comprise a read only unit or a read/write unit and which may 
be physically located either within the casino game console 
or remotely located and linked to the casino game console 
over a suitable network. The authentication program stored 
in the unalterable ROM performs an authentication check on 
the casino game data set at appropriate times, such as prior 
to commencement of game play, at periodic intervals or 
upon demand. At appropriate occasions, the contents of the 
unalterable ROM can be verified by computing the message 
digest of the unalterable ROM contents and comparing this 
computed message digest with a securely stored copy of the 
message digest computed from the ROM contents prior to 
installation in the casino game console. 

49 Claims, 4 Drawing Sheets 
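The scheme the abstract summarizes, worked through as an added Python example (not code from the patent): the signature is the data set's message digest encrypted with the manufacturer's private key, the console recomputes the digest and decrypts the signature with the public key, the two-stage variant checks an anchor application before the game data set, and the ROM itself is audited against a custodial digest. SHA-256, the toy RSA key built from two Mersenne primes, the function names and the sample byte strings are all assumptions made so the example runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed toy RSA key, for illustration only: two Mersenne primes give a
# modulus wider than the digest without a third-party library. Real keys use
# random primes, and real signatures use a padded scheme (e.g. RSASSA-PSS)
# rather than raw exponentiation of the bare digest.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                  # public modulus (held in ROM)
E = 65537                                  # public exponent (held in ROM)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (manufacturer only)
SIG_LEN = (N.bit_length() + 7) // 8


def message_digest(data: bytes) -> bytes:
    """The shared hash function; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def prepare(data: bytes) -> bytes:
    """Preparation phase: digest the data set, encrypt the digest with the private key."""
    m = int.from_bytes(message_digest(data), "big")
    return pow(m, D, N).to_bytes(SIG_LEN, "big")


def check(data: bytes, signature: bytes) -> bool:
    """Checking phase: recompute the digest, decrypt the signature, compare."""
    s = int.from_bytes(signature, "big")
    if len(signature) != SIG_LEN or s >= N:
        return False                       # malformed signature: deny
    recovered = pow(s, E, N)               # decrypt with the public key
    computed = int.from_bytes(message_digest(data), "big")
    return recovered == computed


def two_stage_load(anchor, anchor_sig, game, game_sig):
    """Return the items admitted to main memory, in load order."""
    main_memory = []
    if not check(anchor, anchor_sig):      # stage 1: ROM program checks the anchor
        return main_memory                 # invalid anchor: nothing is loaded
    main_memory.append("anchor")
    if not check(game, game_sig):          # stage 2: anchor's program checks the game
        return main_memory                 # invalid game: game play prohibited
    main_memory.append("game")
    return main_memory


def rom_matches_custodial(rom_image: bytes, custodial_digest: bytes) -> bool:
    """ROM audit: digest the ROM contents and compare with the custodial copy."""
    return hmac.compare_digest(message_digest(rom_image), custodial_digest)


# Constructed sample inputs (not real game or ROM contents).
ANCHOR = b"constructed anchor application image"
GAME = b"constructed game data set: paytable=A, reels=3"
ROM_IMAGE = b"constructed authentication ROM contents"
ANCHOR_SIG, GAME_SIG = prepare(ANCHOR), prepare(GAME)
CUSTODIAL_DIGEST = message_digest(ROM_IMAGE)   # recorded before installation


def demo() -> dict:
    """Run the clean case and each tamper case; return the outcomes by name."""
    tampered_game = GAME.replace(b"paytable=A", b"paytable=B")
    return {
        "clean": two_stage_load(ANCHOR, ANCHOR_SIG, GAME, GAME_SIG),
        "tampered_game": two_stage_load(ANCHOR, ANCHOR_SIG, tampered_game, GAME_SIG),
        "tampered_anchor": two_stage_load(ANCHOR + b"!", ANCHOR_SIG, GAME, GAME_SIG),
        "swapped_signature": check(GAME, ANCHOR_SIG),
        "rom_ok": rom_matches_custodial(ROM_IMAGE, CUSTODIAL_DIGEST),
        "rom_altered": rom_matches_custodial(ROM_IMAGE + b"\x00", CUSTODIAL_DIGEST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tampered-anchor case loads nothing at all: the game data set is never examined, because the program that would examine it was itself rejected.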
METHOD OF AUTHENTICATING GAME DATA SETS IN AN ELECTRONIC CASINO GAMING SYSTEM

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application, Ser. No. 08/981,882, filed Dec. 29, 1997 and entitled "Electronic Casino Gaming System With Improved Play Capacity, Authentication and Security" (U.S. National phase application of PCT application Ser. No. PCT/US96/10463, filed June 17, 1996), which is a continuation-in-part of U.S. patent application, Ser. No. 08/497,662, filed Jun. 29, 1995, and entitled "Electronic Casino Gaming Apparatus With Improved Play Capacity, Authentication and Security", now U.S. Pat. No. 5,643,086.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to microprocessor based gaming systems used in gambling casinos, and more particularly to a method of authenticating game data sets in an electronic gaming system.

2. Brief Description of the Prior Art

Microprocessor based gaming systems are known which are used in gambling casinos to augment the traditional slot machine games (e.g. three reel single or multi-line games) and card games, such as poker and black jack. In a typical gaming system of this type, a microprocessor based system includes both hardware and software components to provide the game playing capabilities. The hardware components include a video display for displaying the game play, mechanical switches for enabling player selection of additional cards or game play choices, coin acceptors and detectors and the electronic components usually found in a microprocessor based system, such as random access memory (RAM), read only memory (ROM), a processor and one or more busses. The software components include the initialization software, credit and payout routines, the game image and rules data set, and a random number generator algorithm. In order to be acceptable for casino use, an electronic gaming system must provide both security and authentication for the software components. For this reason, gaming commissions have heretofore required that all software components of an electronic gaming system be stored in unalterable memory, which is typically an unalterable ROM. In addition, a copy of the contents of the ROM or a message digest of the contents (or both) are normally kept on file in a secure location designated by the gaming commission so that the contents of an individual ROM removed from a gaming machine can be verified against the custodial version.

In a typical arrangement, a message digest of the ROM contents is initially generated prior to the installation of the ROM in the machine by using a known algorithm usually referred to as a hash function. A hash function is a computation procedure that produces a fixed-size string of bits from a variable-size digital input. The fixed-sized string of bits is termed the hash value. If the hash function is difficult to invert (termed a one-way hash function), the hash function is also termed a message digest function, and the result is termed the message digest. The message digest is unique to any given variable size input data set, i.e., the game data set stored in the ROM. When it becomes necessary to later authenticate the ROM from any given machine, the ROM is physically removed from the game console and the message digest of the ROM contents is computed directly from the ROM using the original hash function. The computed message digest is compared with the message digest on file at the designated custodial location (typically in the casino itself). This procedure is typically carried out whenever a machine produces a payoff beyond a given threshold value. If the two message digests match, then the contents of the ROM are considered to be authenticated (verified) and the payout is made to the player.

While such electronic casino gaming systems have been found to be useful in promoting casino game play, the restriction requiring that the casino game program be stored in unalterable ROM memory, leads to a number of disadvantageous limitations. First, due to the limited capacity of the ROM storage media traditionally used to hold the program, the scope of game play available with such systems is severely limited. For sophisticated games using motion video and audio multi-media elements, much more memory capacity, on the order of hundreds of megabytes, is necessary. However, physical verification of such a large quantity of physical devices is not practical, and has thus far been an impediment to creating sophisticated games with more player appeal. Second, the authentication check is only conducted on a limited basis (usually after a jackpot) or other significant winning game outcome, and the authentication procedure requires that game play be halted until the ROM contents have been found to be authentic. These limitations make it very difficult to modify game parameters, such as the game rules or the payout scheme of the game being played on the gaming system. It would be advantageous to be able to modify the game parameters of a game currently being played on a game system without requiring physical verification of new games or game modifying data.

SUMMARY OF THE INVENTION

The invention comprises an electronic casino gaming system which greatly expands casino game play capability and enhances security and authentication capabilities. More particularly, the invention comprises an electronic casino gaming system and method having greatly expanded mass storage capability for storing a multiplicity of high resolution, high sound quality casino type games, and provides enhanced authentication of the stored game program information with a high security factor.

According to a first aspect of the invention, authentication of a casino game data set is carried out within the casino game console using an authentication program stored in an unalterable ROM physically located within the casino game console. The casino game data set and a unique signature are stored in a mass storage device, which may comprise a read only unit or a read/write unit and which may be physically located either within the casino game console or remotely located and linked to the casino game console over a suitable network. The authentication program stored in the unalterable ROM performs an authentication check on the casino game data set at appropriate times, such as prior to commencement of game play, at periodic intervals or upon demand. At appropriate occasions, the contents of the unalterable ROM can be verified by computing the message digest of the unalterable ROM contents and comparing this computed message digest with a securely stored copy of the message digest computed from the ROM contents prior to installation in the casino game console.

From a process standpoint, this aspect of the invention comprises a method of authenticating a data set of a casino
style game which consists of two phases: a game data set preparation phase and a game data set checking phase. In the game data set preparation phase, the method proceeds by providing a data set for a casino game, computing a first abbreviated bit string unique to the casino game data set, encrypting the first abbreviated bit string to provide an encrypted signature of the casino game data set, and storing the casino game data set and the signature in a mass storage device. The first abbreviated bit string is preferably computed using a hash function to produce a message digest of the casino game data set. The signature is then generated by encrypting the message digest. After storage of the game data set and unique signature, this information is installed in a casino game console. The casino game data set checking phase proceeds by computing a second abbreviated bit string from the stored casino game data set using the same hash function, decrypting the stored encrypted signature to recover the first abbreviated bit string, and comparing the first and second abbreviated bit strings to determine whether the two strings match. If a match does occur, the casino game data set is deemed authentic; if there is no match, authentication is denied and game play is prohibited.

The encryption/decryption process is preferably performed using a private key/public key technique in which the first abbreviated bit string is encrypted by the game manufacturer using a private encryption key maintained in the custody of the game manufacturer. The decryption of the signature is performed using a public key which is contained in an unalterable read only memory element located in the game console, along with the casino game data set. The casino game data set is preferably stored in a mass storage device, such as a magnetic or CD-ROM disk drive unit or a network file unit, the selected unit having a relatively large capacity. The actual size of the mass storage device will depend upon the casino game storage requirements and can be tailored to any specific application.

Each time a casino game data set is transferred from the mass storage device to the main memory of the system, the authentication routine is run. The authentication routine can also be activated by means of an operator switch mounted in the game console or remotely via a network. Consequently, the authenticity of the data set can be automatically checked whenever the transfer occurs and at other appropriate times.

In order to detect attempts to tamper with the contents of the unalterable read only memory element located in the game console, a message digest computed for the authentication program stored therein is stored in a secure manner in a different location from the game console, such as the casino operator's security facilities or the facilities of a gaming commission (or both). The authenticity of the unalterable read only memory element is checked in the same way as that now performed in prior art devices: viz. computing the message digest directly from the unalterable read only memory device, and comparing the message digest thus computed with the custodial version.

From an apparatus standpoint, the first aspect of the invention comprises an electronic casino gaming system having means for providing authentication of a game data set of a casino type game prior to permitting game play, the system including first means for storing a casino game data set and a signature of the casino game data set, the signature comprising an encrypted version of a unique first abbreviated bit string computed from the casino game data set; second means for storing an authentication program capable of computing a second abbreviated bit string from the casino game data set stored in the first storing means and capable of decrypting the encrypted signature stored in the first storing means to recover the first abbreviated bit string; processing means for enabling the authentication program to compute an abbreviated bit string from the casino game data set stored in the first storing means and for enabling the authentication program to decrypt the encrypted signature; and means for comparing the computed second abbreviated bit string with the decrypted abbreviated bit string to determine whether a match is present. The first storing means preferably comprises a mass storage device, such as a disk drive unit, a CD-ROM unit or a network storage unit. The second storing means preferably comprises an unalterable read only memory in which the authentication program is stored.

According to a second aspect of the invention, the authentication program stored in the unalterable ROM located within the casino game console is used to test the authenticity of all other programs and fixed data stored in memory devices in the electronic casino gaming system, such as a system boot ROM, memory devices containing the operating system program, system drivers and executive/loader programs, and other memory devices incorporated into the electronic casino game system architecture. The contents of each such memory device, whether program information or fixed data, include signatures encrypted from message digests computed using a hash function from the original program information or fixed data set. Upon system initialization, the authentication program in the unalterable ROM is used to authenticate the individual memory device contents in essentially the same fashion as that used to authenticate the casino game data sets. More specifically, the message digest for the given program or fixed data set is computed using the same hash function originally used to produce the message digest for that program or fixed data set. The encrypted signature is decrypted using the proper decryption program and decryption key to recover the message digest. The two versions of the message digest are then compared and, if found to be matching, the concerned program or fixed data set is deemed authentic and is permitted to be used by the system. Once all of the concerned programs and fixed data sets have been so authenticated, the casino game data set authentication procedure is run, after which game play is permitted (provided a match occurs).

From a process standpoint, this second aspect of the invention comprises a method of authenticating a program or data set of a casino style game which consists of two phases: a program or fixed data set preparation phase, and a program or fixed data set checking phase. In the program or fixed data set preparation phase, the method proceeds by providing a program or fixed data set for a casino game, computing a first abbreviated bit string unique to the program or fixed data set, encrypting the first abbreviated bit string to provide an encrypted signature of the program or fixed data set, and storing the program or fixed data set and the signature in a memory device. The first abbreviated bit string is preferably computed using a hash function to produce a message digest of the program or fixed data set. The signature is then encrypted from the message digest. After storage of the program or fixed data set and unique signature in the memory device, the memory device is installed in a casino game console. The casino game program or fixed data set checking phase proceeds by computing a second abbreviated bit string from the stored casino game program or fixed data set stored in the memory device using the same hash function, decrypting the encrypted signature stored in the memory device to recover the first abbreviated bit string, and comparing the first and second abbreviated bit strings to determine whether the two strings






6,149,522 


match. If a match does occur, the casino game program or fixed data set is deemed authentic; if there is no match, authentication is denied and use of that casino game program or fixed data set is prohibited.

The authentication routine is run each time a given casino game program or fixed data set needs to be called or used. The authentication routine can also be run automatically on a periodic basis, or on demand, either locally by means of an operator switch mounted in the casino game console or remotely via a network. Consequently, the authenticity of the casino game program or fixed data set can be automatically checked whenever use of that program or fixed data set is required and at other appropriate times, such as in the course of a gaming commission audit.

[illegible] a two-stage method of authenticating game data sets for implementing casino-type games in an electronic gaming system including a main memory, a first storage means having a first authentication program stored therein, a second storage means having stored therein an anchor application including a second authentication program, and an anchor signature including an encrypted version of a unique primary abbreviated anchor bit string computed from the anchor application, and a third storage means having stored therein a game data set and a game signature including an encrypted version of a unique primary abbreviated game bit string computed from the game data set.

The first authentication program stored in the first storage means is loaded to the main memory. The anchor application stored in the second storage means is accessed. The validity of the anchor application is determined using the first authentication program. If the anchor application is invalid, then loading of the anchor application into the main memory is prohibited. If the anchor application is valid, then the anchor application is loaded into the main memory, the game data set stored in the third storage means is accessed, and the validity of the game data set is determined using the second authentication program. If the game data set is invalid, then loading of the game data set into the main memory is prohibited. If the game data set is valid, then the game data set is loaded into the main memory and instructions of the game data set are processed.

In a preferred embodiment, the step of determining the validity of the anchor application using the first authentication program includes the steps of: computing a complementary abbreviated anchor bit string from the anchor application; decrypting the anchor signature to recover the primary abbreviated anchor bit string; and comparing the primary and complementary abbreviated anchor bit strings to determine whether the primary and complementary abbreviated anchor bit strings match. Also in the preferred embodiment, the step of determining the validity of the game data set using the second authentication program includes the steps of: computing a complementary abbreviated game bit string from the game data set; decrypting the game signature to recover the primary abbreviated game bit string; and comparing the primary and complementary abbreviated game bit strings to determine whether the primary and complementary abbreviated game bit strings match.

The electronic gaming system further includes a fourth storage means having stored therein a basic input/output operating system (BIOS). The first storage means includes bootstrap code, an operating system, and operating system drivers stored therein. Initially, the BIOS is loaded from the fourth storage means to the main memory; and then the bootstrap code, operating system, and operating system drivers are loaded from the first storage means to the main memory.

Electronic casino game systems incorporating the invention provide a vastly expanded capacity for more sophisticated and attractive casino-style games, while at the same time improving the authentication of the games without compromising security. In addition, casino game systems incorporating the invention provide great flexibility in changing casino game play, since the casino game data sets representing the various games can be stored in alterable media rather than read only memory units as with present casino game systems.

By separating the authentication process from the casino game data set storage, the invention affords secure distribution and execution of program code and data, regardless of the particular distribution or storage technique employed. More specifically, the invention allows the casino game data set to reside in any form of secondary storage media, such as the traditional ROM storage, hard magnetic disk drives and CD-ROM drives, or networked file systems. So long as the authentication procedure conducted on the game data set is performed using the authentication program stored in an unalterable ROM, and so long as that ROM can be verified reliably, any casino game data set can be loaded from any source and can be verified by the system at any time: either prior to use, during run-time, periodically during run-time or upon demand. The large quantities of storage that can be made available in a secure fashion using the invention, facilitates the creation of casino gaming systems offering both an increased diversity of games, and individual games of superior quality. In addition, the authentication of all casino game program and fixed data software ensures the integrity of all system software both prior to game play and thereafter at periodic or random intervals.

For a fuller understanding of the nature and advantages of the invention, reference should be had to the ensuing detailed description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system incorporating the invention;

FIG. 2 is a schematic diagram illustrating the contents of the read only memory and the mass storage device;

FIG. 3 is a more [illegible] view [illegible] authentication [illegible] ROM and [illegible] data stored in the mass storage unit;

FIG. 4 is a diagram illustrating the preparation of the game data set;

FIG. 5 is a diagram illustrating the authentication procedure for the game data set;

FIG. 6 is a diagram illustrating an alternative approach to the secure loading of software into the system; and

FIG. 7 is a flow diagram illustrating a two stage authentication process according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Turning now to the drawings, FIG. 1 is a block diagram of an electronic casino gaming system incorporating the invention. As seen in this figure, the system consists of several system components under software control. These system components include a microprocessor 12, which may comprise any general purpose microprocessor, such as a
Pentium-based microprocessor from Intel Corporation. A main memory unit 13 is provided, which is typically a random access memory having a capacity of between 32 and 64 megabytes for storing the majority of programs and graphics elements during game play. A system boot ROM 14 provides the initialization software required when power is first applied to the system. ROM 14 contains additional programs in read only form, including the operating system, related drivers and the authentication software described in detail below. A non-volatile RAM 17 is a battery backed static RAM capable of maintaining its contents through power cycling. NV RAM 17 stores significant information relating to game play, such as the number of player credits, the last game outcome and certain diagnostic and error information not critical to an understanding of the invention.

A mass storage unit implemented in the FIG. 1 system as a magnetic hard disk drive unit 18 is coupled to and controlled by a disk subsystem 19 of conventional design and operation. Disk drive unit 18 provides storage for the game specific data set, which includes both program data and image data specifying the rules of the various different casino games or single casino game variations, and the types of images and image sequences to be displayed to the game players. The size of the disk drive unit 18 is a function of the number of games and game variations provided for a given system, as well as the amount of data required for each specific game. In general, the more motion video designed into a particular casino game, the more storage required for that casino game software. A disk drive unit 18 with a 4-gigabyte capacity will usually provide sufficient storage capacity. Disk subsystem 19 comprises a disk controller connected to a PCI bus 20 for controlling the disk drive unit 18. Controller 19 preferably supports SCSI-2, with options of fast and wide. It should be noted that a number of different types of locally-based disk drive units may be used in the FIG. 1 system, including a CD-ROM storage unit. Also, the mass storage unit need not be physically located within the game console along with the other elements depicted in FIG. 1: the mass storage unit may be located remotely from the game console and coupled thereto by means of an appropriate network, such as an Ethernet, an RS232 link, or some other hard-wired or wireless network link. This latter alternate arrangement is indicated by the inclusion of a network subsystem 21 of appropriate configuration and functional characteristics, which may have Ethernet, RS232 serial, or other network compatibility.

A video subsystem 22 is coupled to the PCI bus and provides the capability of displaying full color still images and MPEG movies with a relatively high frame rate (e.g. 30 frames per second) on an appropriate monitor (not shown). Optional 3D texture mapping may be added to this system, if desired.

A sound subsystem 23 having a stereo sound playback capability with up to 16 bit CD quality sound is coupled to an ISA bus 24. A general purpose input/output unit 25 provides interfaces to the game mechanical devices (not illustrated) such as manually actuated switches and display lights. A first bridge circuit 27 provides an interface between microprocessor 12, ROM 14, main memory 13 and PCI bus 20. Bridge circuit 27 is preferably a TRITON chip set available from INTEL Corporation. A second bridge circuit 28 provides an interface between the PCI bus 20 and the ISA bus 24. Bridge circuit 28 is preferably a type 82378 chip available from Intel Corporation.

FIG. 2 illustrates the types of information stored in the system ROM 14 and the mass storage unit. As seen in FIG. 2, the ROM unit 14 used in the FIG. 1 system comprises two separate ROM elements: ROM 29 and ROM 30. ROM 29 must be an unalterable device, such as a Toshiba type C53400 512Kx8 bit mask programmed ROM. ROM 30 is preferably an unalterable device like ROM 29, but may comprise a different type of ROM, such as a type 29OF40 field programmable flash ROM available from Intel Corp. ROM 29 contains the system initialization or boot code, an authentication program, and an initial portion of the executive/loader programs. ROM 30 contains the operating system program, the system drivers and the remainder of the executive/loader programs as noted below. The mass storage unit contains the applications, which include the game image and sound data, rules of game play and the like, and the signature associated with each particular casino game.

FIG. 3 illustrates the authentication and application program information in more detail. As seen in this figure, the authentication program stored in unalterable ROM 29 comprises a message digest algorithm component 32, a decryption algorithm component 33, and a decryption key component 34. The message digest algorithm component 32 stored in ROM 29 comprises an exact copy of a hash function program routine used to originally compute a message digest from the loadable game data set 36 in a manner described below. The decryption algorithm component 33 stored in ROM 29 comprises the algorithm required to decrypt any encrypted casino game data set signature using the decryption key component 34.

The decryption key component 34 comprises the decryption key that is required to decrypt any of the encrypted signatures 37 in the manner described below during the authentication routine.

FIG. 4 illustrates the manner in which an encrypted data set signature 37 is generated. A loadable casino game data set 35 is processed using a hash function 41 to generate a message digest 42 which is unique to the loadable game data set 35. The hash function employed may be one of a number of known hash functions, such as the MD2, MD4, and MD5 hash functions and the SHA hash function; or any other suitable hash function capable of producing a unique abbreviated bit string from a variable size input data set. For further information about these hash functions, reference should be had to the publication entitled "Answers To Frequently Asked Questions About Today's Cryptography", Revision 2.0, Oct. 5, 1993, published by RSA Laboratories, Redwood City, Calif., and the publications listed in the references section thereof, the disclosures of which are hereby incorporated by reference. After generation, the message digest 42 is then encrypted with an encryption algorithm 43 using a private encryption key 44 to generate a signature 37 of the message digest. In the preferred embodiment, the two-key (private/public key) encryption technique developed by RSA Data Security, Inc., of Redwood City, Calif., is used. This technique is disclosed and described in U.S. Pat. Nos. 4,200,770, 4,218,582 and 4,405,829, the disclosures of which are hereby incorporated by reference. The signature 37 of the message digest 42 is then stored in the mass storage unit along with the loadable data set 36.

FIG. 5 illustrates the authentication routine carried out in accordance with the invention. When the authentication routine is called (see below), the loadable casino game data set 36 is transferred from the mass storage unit to main memory 13 (unless already there), and the message digest of casino game data set 36 is computed using the message digest algorithm 32. The message digest algorithm uses the same hash function 41 as that used by the manufacturer to prepare the original message digest 42 (FIG. 4). The result
is an unencrypted version 46 of the message digest computed from the casino game data set 36 currently present in the mass storage unit. The encrypted data set signature 37 is decrypted using the public decryption key 34 matching the private key 44 used to originally encrypt the message digest 42 of the casino game data set 36. The message digest 47 decrypted with decryption key 34 is then compared with the message digest 46 computed from the casino game data set 36. If the two message digests match, then the casino game data set 36 is deemed authentic and game play may proceed. If there is no match, either the casino game data set 36 or the signature 37 is deemed corrupted and not authentic. Game play is prohibited and appropriate actions can be taken: e.g. alerting a security employee using a suitable messaging system (an audible alarm, flashing lights, or a network message from the game console to a central security area).

Since authentication of the game data set 36 and signature 37 (FIG. 2) is entrusted to the contents of ROM 29 (FIG. 2), a procedure must be provided to verify the ROM 29 contents. For this purpose, a message digest is computed for the authentication program stored in ROM 29, and this message digest is stored in a secure manner with the casino operator or the gaming commission (or both) along with the hash function used to produce the message digest. This hash function may be the same hash function used to compute the message digest 42 of the casino game data set or a different hash function. In this way, the authenticity of the ROM 29 can be easily checked in the same way as that now performed in prior art devices: viz. computing the message digest directly from the ROM 29 and comparing the message digest thus computed with the custodial version of the message digest. If required by a given gaming commission or deemed desirable by a casino operator, the system may also display the message digest 42 of each particular data set 36 or the encrypted signature version 37 for auditing purposes. In addition, the system may transmit this information via networking subsystem 21 to an on-site or off-site remote location (such as the office of the gaming commission). The message digest displayed or transmitted may comprise the decrypted version or the computed version (or both).

The authentication procedure carried out by means of the message digest program 32, decryption program 33 and decryption key 34 stored in unalterable ROM 29 in the manner described above is also used to authenticate the contents of all memory devices in the FIG. 1 system, such as the contents of ROM 30 (see FIG. 2), the fixed data portions and program components stored in NV RAM 17 and the program and fixed data contents of any memory devices stored in the networking subsystem 21, video subsystem 22, sound subsystem 23, PCI-ISA interface 24, and GPIO unit 25. Each program or fixed data set stored in any memory device in any of these units has an associated signature, which is encrypted from a message digest of the original program or fixed data set using a hash function, which is preferably the same hash function used to prepare the message digest of the casino game data set. Prior to permitting any such program or fixed data set to participate in the system operation, that program or fixed data set is subjected to the authorization procedure to ensure that the message digest computed from the current version of the program or fixed data set matches the message digest decrypted from the encrypted signature associated to the program or fixed data set. In addition, the authentication procedure can be run on each such program or fixed data set at periodic or random intervals (on demand) in a manner essentially identical to that described above with respect to the casino game data set authentication procedure. As a consequence, the integrity of all software in the system is checked prior to the use of that particular software in order to reveal any unauthorized changes to the software portion of the casino gaming system.

An alternative approach to the secure loading of software into the system is depicted in FIG. 6. In this embodiment, basic input/output system (BIOS) software 52 is stored in a ROM 50, the first of two ROMs 50 and 54 making up the system boot ROM 14 (FIG. 1). The second ROM 54 stores boot strap code 56, operating system (OS) code 58, OS drivers 60, and a first secure loader 62 including a first authentication program, and one or more signatures 63 associated with the boot strap code, OS code, OS drivers, and first secure loader. The first authentication program implements the authentication procedure described above in reference to FIG. 5.

In the preferred embodiment, each of the signatures 63 includes an encrypted version of a unique primary abbreviated bit string, and is determined as described above in FIG. 4. Signatures 63 may include a single signature calculated from all data sets stored in second ROM 54 or may include a plurality of signatures, each calculated from a single data set, or from a combination of data sets, stored in second ROM 54. In a preferred embodiment, signatures 63 include a first authentication program signature which is an encrypted version of a unique primary abbreviated bit string computed from the first authentication program using the signature generating process described in FIG. 4. In an embodiment, a copy of the contents of second ROM 54 or a message digest of the contents (or both) are kept on file in a secure location so that the contents of the second ROM can be removed from a gaming machine and verified against the custodial version.

An anchor application 64, stored in mass storage 18 (FIG. 1) includes graphics and sound drivers 66, system drivers 68, money-handling software 70, a second secure loader 72, and one or more signatures 73 associated with the drivers 66 and 68, money handling software, and second secure loader. Second secure loader 72 includes a second authentication program which, in the preferred embodiment, implements the authentication procedure described above in FIG. 5. In the preferred embodiment, each of the signatures 73 includes an encrypted version of a unique primary abbreviated bit string, and is determined as described above in FIG. 4. Signatures 73 may include a single signature calculated from all data sets of the anchor application or may include a plurality of signatures, each calculated from a single data set, or from a combination of data sets, of the anchor application. In one embodiment of the present invention, signatures 63 are computed using a first hash function while signatures 73 are computed using a second dissimilar hash function, and the first and second authentication programs authenticate data sets using the first and second hash functions respectively.

In an embodiment, anchor application signatures 73 include: a second authentication signature including an encrypted version of a unique primary abbreviated bit string computed from the second authentication program; a graphics and sound driver signature including an encrypted version of a unique primary abbreviated bit string computed from graphics and sound drivers 66; system driver signatures including encrypted versions of a unique primary abbreviated bit strings computed from system drivers 68; and a money handling signature including an encrypted version of a unique primary abbreviated bit string computed from money-handling software 70. In an alternative embodiment, a single anchor signature including an
encrypted version of a unique primary abbreviated bit string computed from all data sets of anchor application 64 is used.

The second authentication program of the anchor application 64 may be used to load an initial game data set for implementing a casino-type game, a new game data set for implementing new casino-type game replacing previously activated casino-type game, or a game modifying data set for modifying game parameters of a previously activated casino-type game. The game-modifying data sets include game-modifying signatures which are encrypted versions of unique primary abbreviated bit strings computed from the game-modifying data sets. The new games include new game signatures which are encrypted versions of unique primary abbreviated bit strings computed from the new game data sets.

A game data set 75 may be received, or accessed, from an external source 76. Game data set 75 may be a new game data set or a game-modifying data set. In varying embodiments, external source 76 may be a ROM, a mass storage device, any other computer readable memory of the electronic gaming system (FIG. 1), or a network storage means which is located remotely from the electronic gaming system and which is accessible via a network. In one embodiment, the mass storage device 18 may serve as the external source 76. The second secure loader 72 of the anchor application 64 may be used to determine the authenticity, or validity, of game data set 75 or any other application to be loaded.

When power is initially applied to the gaming system (FIG. 1) on start-up, or when the system experiences a warm restart, the CPU 12 (FIG. 1) will begin executing code from the BIOS 52 which is responsible for initializing the motherboard and peripheral cards of the system. After BIOS 52 has completed the initialization function, the boot strap code 56 is executed by the CPU 12 (FIG. 1) causing OS 58, OS drivers 60, first secure loader 62, and signatures 63 associated with the OS, drivers, and first secure loader to be copied into main memory 13 (FIG. 1). Once in main memory, the OS 58 is started and first secure loader 62 is used to load anchor application 64 from mass storage 18 to main memory 13 as previously indicated.

The anchor application signatures 73 are used during the load by the first authentication program of the first secure loader 62 to verify the validity of the anchor application. [illegible]

The present invention affords great flexibility in game content, scheduling and changes. For example, to change the graphic images in a particular casino game or set of games, new casino game data sets can be generated along with new signatures and stored in the mass storage unit by either exchanging disk drives, replacing disks (for read only disk units), or writing new data to the storage media. In the networked mass storage application, these changes can be made to the files controlled by the network file server. Because the casino game data sets must be authenticated according to the authentication procedure described above in reference to FIG. 5, either periodically or on demand, corrupted data sets cannot go undetected. Thus the invention opens up the field of electronic casino gaming systems to readily modifiable games with flexible displays and rules, without sacrificing the essential security of such systems.

Changes can also be made to the casino type game by using game-modifying data sets. The game-modifying data sets include: a graphics modifying data set for modifying parameters related to graphically displayed images of the casino-type game; a money handler modifying data set for modifying parameters related to payout of coins and issuing of credit in the casino-type game; and a sound driver modifying data set for modifying parameters related to sound drivers of said casino-type game.

FIG. 7 shows a flow diagram at 100 illustrating a two stage authentication process according to the present invention for authenticating a game data set. In step 102, BIOS 52 (FIG. 6) is loaded from ROM 50 (FIG. 6) to main memory 13 (FIG. 1) of the electronic gaming system. In step 104, system boot data sets are loaded from ROM 54 (FIG. 6) to the main memory. The system boot data sets include boot strap code 56, OS 58, OS drivers 60, first secure loader 62 including the first authentication program (FIG. 6), and associated signatures 63. As mentioned above, in the preferred embodiment, signatures 63 include a first authentication program signature which is an encrypted version of a unique primary abbreviated bit string computed from the first authentication program using the signature generating process described in FIG. 4.

In step 106, anchor application 64 (FIG. 6) is accessed without being loaded into main memory 13 (FIG. 1) of the electronic gaming system. As mentioned, the anchor application includes graphics and sound drivers 66, system drivers 68, money-handling software 70, second secure loader 72, and associated signatures 73 (FIG. 6). In step 108, the validity of anchor application 64 is determined using the first authentication program of the first secure loader 62 (FIG. 6). In this embodiment, the first authentication program determines the validity of the anchor application 64 using the authentication procedure described in FIG. 5.

It is then determined at 110 whether the anchor application 64 is determined to be authentic, or valid, by the first authentication program. If the anchor application is invalid, or not authentic, the depicted process proceeds to step 112 in which case loading of the anchor application to main memory 13 (FIG. 1) is prohibited. If the anchor application is valid, the depicted process proceeds to step 114 in which the anchor application is loaded from mass storage to main memory of the electronic gaming system. After the anchor application is loaded into main memory, the second authentication program of the anchor application may be used to authenticate any further applications accessed or received from any source before loading the applications into main memory. In step 118, the validity of a game data set or game-modifying data set is determined using the second authentication program of the second secure loader 72 (FIG. 6). In the preferred embodiment of the present invention, the second authentication program determines the validity of the game data set or game modifying data set using the authentication procedure described in FIG. 5.

It is then determined at 120 whether the game data set or game-modifying data set has been determined to be valid by the second authentication program of the second secure loader 72. If the game data set or game-modifying data set is invalid, loading of the new game data set or game-modifying data set, is prohibited as indicated at 120. If the new game data set or game-modifying data set is valid, the depicted process proceeds to step 124 in which the new game data set or game-modifying data set is loaded into main memory.

An important advantage of the invention not found in prior art systems is the time and manner in which the game data sets can be authenticated. In prior art systems, authentication of the casino game data set is normally only done when a payout lying above a given threshold is required by
the outcome of the game play, and this requires that the game be disabled while the ROM is physically removed and the ROM contents are verified.

The authentication procedures of the present invention can be activated to authenticate a data set at a variety of different times without disabling the game. For example, a game data set can be automatically subjected to an authentication procedure of the present invention each time the game is loaded from the mass storage unit into the main memory 13 as suggested by the flow chart of FIG. 7. Further, if desired, the authentication procedure may be initiated in response to the pull of a slot game handle, the detection of a coin insert, the payout of coins or issuing of credit, or any other detectable event related to game play. The authenticity of a given casino game data set 36 (FIG. 2) can also be checked on demand, either locally at the game console or remotely via a network, by providing a demand procedure. Such a procedure may be initiated, e.g. by providing a manually operable switch in the game console, accessible only to authorized persons, for initiating the authentication routine. Alternatively the system of FIG. 1 may be configured to respond to a demand command generated remotely (e.g. in a security area in the casino or off-site) and transmitted to the game console over a network to the networking subsystem 21.

Another advantage of the invention lies in the fact that the game data set storage capacity of a system incorporating the invention is not limited by the size of a ROM, but is rather dictated by the size of the mass storage unit or external source. As a consequence, games using high resolution, high motion video and high quality stereo sound can be designed and played on systems incorporating the invention. Also, since the mass storage unit need not be a read-only device, and need not be physically located in the game console, the invention affords great flexibility in game content, scheduling and changes. For example, to change the graphic images in a particular casino game or set of games, new casino game data sets can be generated along with new signatures and stored in the mass storage unit by either exchanging disk drives, replacing disks (for read only disk units), or writing new data to the media. In the networked mass storage application, these changes can be made to the files controlled by the network file server. Since the casino game data sets must pass the authentication procedure test, either periodically or on demand, corrupted data sets cannot go undetected. Thus the invention opens up the field of electronic casino gaming systems to readily modifiable games with flexible displays and rules, without sacrificing the essential security of such systems. In fact, security is greatly enhanced by the ability of the invention to authenticate all game data sets both regularly (for each handle pull) and at any time (on demand), without interfering with regular game play (unless no match occurs between the two forms of message digest).

While the above provides a full and complete disclosure of the preferred embodiments of the invention, various modifications, alternate constructions and equivalents may be employed without departing from the true spirit and scope of the invention. For example, while the RSA public/private key encryption technique is preferred (due to the known advantages of this technique), a single, private key encryption technique may be employed, if desired. In a system using this technique, the single key would be stored in ROM 29 in place of the public key 34. Also, the message digest 42 and signature 37 for a given application 36 need not be computed from the entire casino game data set. For example, for some casino games it may be desirable to provide a fixed set of rules while permitting future changes in the casino game graphics, sound or both. For such casino games, it may be sufficient to compute the message digest 42 and signature 37 from only the rules portion of the applications program 36. In other cases, it may be desirable or convenient to maintain the casino game video and audio portions constant, while allowing future changes to the rules of game play. For casino games of this category, the message digest 42 and signature 37 may be computed from the graphics and sound portions of the application program 36. It may also be desirable to compute a message digest 42 and signature 37 from a subset of the rules, graphics or sound portions of a given applications program 36, or from some other subset taken from a given application 36. Therefore, the above should not be construed as limiting the scope of the invention, which is defined by the appended claims.

What is claimed is:

1. A method of authenticating a game data set for use in a casino-type gaming system, said method comprising the steps of:

(a) receiving a game data set;

(b) computing a primary abbreviated bit string unique to the game data set;

(c) encrypting the abbreviated bit string to provide a signature;

(d) storing the game data set and the signature;

(e) computing a complementary abbreviated bit string from the stored game data set;

(f) decrypting the stored signature to recover the primary abbreviated bit string;

(g) comparing the primary and complementary abbreviated bit strings to determine whether the primary and complementary abbreviated bit strings match;

(h) if the primary and complementary abbreviated bit strings match, indicating that the game data set is authentic; and

(i) if the primary and complementary abbreviated bit strings do not match, indicating that the game data set is not authentic.

2. A method of authenticating a game data set as recited in claim 1 wherein said step (b) of computing is performed with a hash function to produce a hash value of the game data set, and wherein said primary abbreviated bit string comprises the hash value of the game data set.

3. A method of authenticating a game data set as recited in claim 2 wherein the hash value comprises the message digest of the game data set.

4. A method of authenticating a game data set as recited in claim 1 wherein said step (c) of encrypting is performed using a private encryption key.

5. A method of authenticating a game data set as recited in claim 1 wherein said step (f) of decrypting is performed using a public decryption key.

6. A method of authenticating a game data set as recited in claim 1 wherein said step (c) of encrypting is performed using a private encryption key, and said step (f) of decrypting is performed using a public decryption key.

7. A method of authenticating a game data set as recited in claim 1 wherein said step (e) of computing is performed with a hash function to produce a hash value of the stored game data set, and wherein said complementary abbreviated bit string comprises the hash value of the stored game data set.

8. A method of authenticating a game data set as recited in claim 7 wherein the hash value comprises the message digest of the stored game data set.
9. A method of authenticating a game data set as recited in claim 1 wherein said step (d) of storing includes the step of storing the game data set and the signature in a mass storage device.

10. A method of authenticating a game data set as recited in claim 9 wherein the mass storage device comprises a disk drive unit.

11. A method of authenticating a game data set as recited in claim 9 wherein the mass storage device comprises a CD-ROM unit.

12. A method of authenticating a game data set as recited in claim 9 wherein the mass storage device comprises a network storage system.

13. A method of authenticating a game data set as recited in claim 1 wherein said steps (a)-(d) are performed at a first site, and wherein steps (e)-(g) are performed at a second site.

14. A method of authenticating a game data set as recited in claim 13 wherein the first site comprises a manufacturing facility, and wherein said second site is a gaming facility.

15. A method of authenticating a game data set as recited in claim 1 wherein said game data set is a game-modifying data set for modifying game parameters of a casino type game.

16. A method of authenticating a game data set as recited in claim 15 wherein said game-modifying data set includes a money handler modifying data set for modifying parameters related to payout of coins and issuing of credit in the casino-type game.

17. A method of authenticating a game data set as recited in claim 15 wherein said game-modifying data set includes a sound driver modifying data set for modifying parameters related to sound drivers of said casino-type game.

18. A method of authenticating a game data set as recited in claim 15 wherein said game-modifying data set includes a graphics modifying data set for modifying parameters related to graphically displayed images of the casino-type game.

19. A method of preparing a casino game data set capable of authentication, said method comprising the steps of:

(a) providing a data set for a casino game;

(b) computing a primary abbreviated bit string unique to the casino game data set;

(c) encrypting the abbreviated bit string to provide a signature; and

(d) storing the casino game data set and the signature.

20. A method of preparing a casino game data set as recited in claim 19 wherein said step (b) of computing is performed with a hash function to produce a hash value of the stored casino game data set, and wherein said primary abbreviated bit string comprises the hash value of the stored casino game data set.

21. A method of preparing a casino game data set as recited in claim 20 wherein the hash value comprises the message digest of the casino game data set.

22. A method of preparing a casino game data set as recited in claim 19 wherein said step (c) of encrypting is performed using a private encryption key.

23. A method of preparing a casino game data set as recited in claim 19 wherein said step (d) of storing the casino game data set and the signature includes storing the casino game data set and the signature in a mass storage device.

24. A method of preparing a casino game data set as recited in claim 23 wherein the mass storage device comprises a disk drive unit.

25. A method of preparing a casino game data set as recited in claim 23 wherein the mass storage device comprises a CD-ROM unit.
26. A method of preparing a casino game data set as recited in claim 23 wherein the mass storage device comprises a network storage system.

27. A method of authenticating a casino game data set of a casino type game having a signature encrypted from a primary abbreviated bit string computed from the casino game data set, said method comprising the steps of:

(a) computing a complementary abbreviated bit string from the casino game data set;

(b) decrypting the signature to recover the primary abbreviated bit string; and

(c) comparing the primary and complementary abbreviated bit strings to determine whether the primary and complementary abbreviated bit strings match.

28. A method of authenticating a casino game data set as recited in claim 27 wherein said step (a) of computing is performed with a hash function to produce a hash value of the casino game data set, and wherein said complementary abbreviated bit string comprises the hash value of the casino game data set.

29. A method of authenticating a casino game data set as recited in claim 28 wherein the hash value comprises the message digest of the casino game data set.

30. A method of authenticating a casino game data set as recited in claim 27 wherein said step (b) of decrypting is performed using a public decryption key.
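The verification recited in claims 27 to 30, chained into the two stage load of FIG. 7, can be expressed in code as follows. This is an added example, not code from the patent: the demo RSA key, the choice of SHA-256 and SHA-512 as the first and second hash functions, the sample data sets and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes. Its structure makes it
# unsuitable for real use; it only keeps the example offline and deterministic.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                              # public modulus, stored with E in ROM
E = 65537                                # stands in for public decryption key 34
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # stands in for private key 44

FIRST_HASH = "sha256"    # assumed hash for the first authentication program
SECOND_HASH = "sha512"   # assumed dissimilar hash for the second one


def sign(data: bytes, hash_name: str) -> int:
    """Manufacturer side: hash the data set and encrypt the digest.

    Raw RSA on the bare digest mirrors the page's description; deployed
    signature schemes add padding (for example RSASSA-PSS) before this step.
    """
    digest = hashlib.new(hash_name, data).digest()
    return pow(int.from_bytes(digest, "big"), _D, N)


def authenticate(data: bytes, signature: int, hash_name: str) -> bool:
    """Console side: recompute the digest, decrypt the signature, compare."""
    computed = hashlib.new(hash_name, data).digest()
    if not 0 <= signature < N:
        return False                      # not a value this key could produce
    recovered = pow(signature, E, N)
    if recovered.bit_length() > 8 * len(computed):
        return False                      # decrypted value is not a digest
    return hmac.compare_digest(recovered.to_bytes(len(computed), "big"), computed)


def two_stage_load(storage: dict) -> tuple:
    """Return (names loaded into main memory, name refused or None)."""
    loaded = []
    # Stage 1: the ROM-resident first authentication program checks the anchor
    # application before it is allowed into main memory.
    if not authenticate(storage["anchor"], storage["anchor_sig"], FIRST_HASH):
        return loaded, "anchor application"
    loaded.append("anchor application")
    # Stage 2: only now does the anchor's second authentication program run,
    # and it checks the game data set with the second hash function.
    if not authenticate(storage["game"], storage["game_sig"], SECOND_HASH):
        return loaded, "game data set"
    loaded.append("game data set")
    return loaded, None


def build_storage() -> dict:
    """Constructed sample contents of mass storage, signed by the manufacturer."""
    anchor = b"ANCHOR: drivers, money handling, second secure loader"
    game = b"GAME: paytable=v1; reels=5; graphics=classic"
    return {
        "anchor": anchor, "anchor_sig": sign(anchor, FIRST_HASH),
        "game": game, "game_sig": sign(game, SECOND_HASH),
    }


if __name__ == "__main__":
    good = build_storage()
    print("untouched storage:", two_stage_load(good))
    bad_game = dict(good, game=good["game"].replace(b"v1", b"v2"))
    print("altered game data:", two_stage_load(bad_game))
    bad_anchor = dict(good, anchor=good["anchor"] + b"!")
    print("altered anchor:   ", two_stage_load(bad_anchor))
```

A change to the anchor application stops the load before the game data set is ever examined, which is the ordering that lets the second authentication program be trusted.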

31. In an electronic gaming system including a main memory, a first storage means having a first authentication program stored therein, a second storage means having stored therein an anchor application including a second authentication program, and an anchor signature including an encrypted version of a unique primary abbreviated anchor bit string computed from said anchor application, and a third storage means having stored therein a game data set and a game signature including an encrypted version of a unique primary abbreviated game bit string computed from said game data set, a method of authenticating game data sets for implementing casino-type games, said method comprising the steps of:

(a) loading said first authentication program stored in said first storage means to said main memory;

(b) accessing said anchor application stored in said second storage means;

(d) determining the validity of said anchor application using said first authentication program;

(e) if said anchor application is invalid, prohibiting the loading of said anchor application into said main memory;

(f) if said anchor application is valid,

loading said anchor application into said main memory,

accessing said game data set stored in said third storage means,

determining the validity of said game data set using said second authentication program,

if said game data set is invalid, prohibiting the loading of said game data set into said main memory,

if said game data set is valid, loading said game data set into said main memory and processing instructions of said game data set.

32. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said anchor application using said first authentication program includes the steps of:

computing a complementary abbreviated anchor bit string from said anchor application;

decrypting said anchor signature to recover said primary abbreviated anchor bit string;
comparing said primary and complementary abbreviated anchor bit strings to determine whether said primary and complementary abbreviated anchor bit strings match.

33. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said second authentication program includes the steps of:

computing a complementary abbreviated game bit string from said game data set;

decrypting said game signature to recover said primary abbreviated game bit string;

comparing said primary and complementary abbreviated game bit strings to determine whether said primary and complementary abbreviated game bit strings match.

34. In an electronic gaming system as recited in claim 31 wherein said primary abbreviated anchor bit string is computed from said anchor application using a first hash function, and wherein said step of determining the validity of said anchor application using said first authentication program includes the steps of:

computing a complementary abbreviated anchor bit string from said anchor application using said first hash function;

decrypting said anchor signature to recover said primary abbreviated anchor bit string;

comparing said primary and complementary abbreviated anchor bit strings to determine whether said primary and complementary abbreviated anchor bit strings match.

35. In an electronic gaming system as recited in claim 34 wherein said primary abbreviated game bit string is computed from said game data set using a second hash function, and wherein said step of determining the validity of said game data set using said second authentication program includes the steps of:

computing a complementary abbreviated game bit string from said game data set using said second hash function;

decrypting said game signature to recover said primary abbreviated game bit string; and

comparing said primary and complementary abbreviated game bit strings to determine whether said primary and complementary abbreviated game bit strings match.

36. In an electronic gaming system as recited in claim 31 wherein said first storage means is an unalterable read only memory device.

37. In an electronic gaming system as recited in claim 31 wherein said second storage means is a mass storage device.

38. In an electronic gaming system as recited in claim 31 wherein said third storage means comprises a network storage system which is remote from the electronic gaming system.

39. In an electronic gaming system as recited in claim 31

first storage means to said main memory, wherein said steps of first and second loading are performed before performing said step of loading said first authentication program.

40. In an electronic gaming system as recited in claim 31 wherein said first storage means is an unalterable read only memory, said second storage means is a mass storage means, and said third storage means is a mass storage means.

41. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said second authentication program is repeatably initiated in response to initiation of game play.

42. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said second authentication program is repeatably initiated in response to the detection of a coin insert.

43. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said authentication program is repeatably initiated in response to the payout of coins or issuing of credit.

44. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said second authentication program is repeatably initiated by a demand procedure activated remotely from the gaming system via a network.

45. In an electronic gaming system as recited in claim 31 wherein said step of determining the validity of said game data set using said second authentication program is repeatably initiated by a demand procedure activated locally at the gaming system.

46. In an electronic gaming system as recited in claim 31 wherein said gaming system further includes a fourth storage means having stored therein a game modifying data set and a game modifying signature including an encrypted version of a unique primary abbreviated bit string computed from said game modifying data set, said method further comprising the steps of:

accessing said game modifying data set in said fourth storage means;

determining the validity of said game modifying data set using said second authentication program;

if said game modifying data set is invalid, prohibiting loading of said game modifying data set into said main memory; and

if said game modifying data set is valid, loading said game modifying data set into main memory.

47. In an electronic gaming system as recited in claim 31 wherein said game data set is a game-modifying data set which includes a money handler modifying data set for modifying parameters related to payout of coins and issuing of credit in the casino-type game.

48. In an electronic gaming system as recited in claim 31 wherein said game data set is a game-modifying data set

wherein said electronic gaming system further includes a which mdudes a sound driver modifving data xt for modi . 

fourth storage means having stored therein a basic input/ fyi ameters related t0 ^ drivers of said casmo . type 

output operating system (BIOS) and wherein said first ' ° 

storage means further includes bootstrap code, an operating 60 49 , n m electronic m tem as recited jn claim 31 

system and operating system drivers stored therein, said whereiQ ^ game data set is a game . modifying data 

method further comprising the steps of: which includes a graphics modifyjng data ^ for modifying 

first loading said BIOS from said fourth storage means to parameters related to graphically displayed images of the 

said main memory; and casino-type game, 

second loading said bootstrap code, said operating 65 

system, and said operating system drivers from said * * * * * 
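The compute, decrypt and compare steps of claims 34 and 35, together with the conditional loading of claim 46, sketched in Python as an added example that is not code from the patent. The hash choices (SHA-256 and SHA-512), the unpadded RSA arithmetic, the toy key built from two Mersenne primes, the rule that a modifying data set is checked only after the game data set validates, and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept by the signer


def digest(data: bytes, hash_name: str) -> int:
    """Abbreviated bit string (message digest) of data, as an integer."""
    return int.from_bytes(hashlib.new(hash_name, data).digest(), "big")


def sign(data: bytes, hash_name: str) -> int:
    """Signer side: encrypt the primary digest with the private key."""
    return pow(digest(data, hash_name), D, N)


def verify(data: bytes, signature: int, hash_name: str) -> bool:
    """Console side: compute, decrypt, compare (claims 34 and 35)."""
    complementary = digest(data, hash_name)  # recomputed from stored data
    primary = pow(signature, E, N)           # recovered from the signature
    return primary == complementary


def load_chain(anchor, anchor_sig, game, game_sig, mod=None, mod_sig=None):
    """Return the names of the components allowed into main memory."""
    if not verify(anchor, anchor_sig, "sha256"):   # first hash function (assumed)
        return []                                  # anchor bad: trust nothing
    loaded = ["anchor"]
    if not verify(game, game_sig, "sha512"):       # second hash function (assumed)
        return loaded
    loaded.append("game")
    # Claim 46: a game modifying data set is loaded only if it validates.
    if mod is not None and verify(mod, mod_sig, "sha512"):
        loaded.append("mod")
    return loaded


if __name__ == "__main__":
    # Constructed sample inputs standing in for the stored data sets.
    anchor, game, mod = b"constructed anchor", b"constructed game", b"constructed mod"
    sigs = sign(anchor, "sha256"), sign(game, "sha512"), sign(mod, "sha512")
    print(load_chain(anchor, sigs[0], game, sigs[1], mod, sigs[2]))
    print(load_chain(anchor, sigs[0], game, sigs[1], mod + b"!", sigs[2]))
```

A production verifier would use a padded signature scheme from a vetted cryptographic library and a properly generated key rather than the raw modular exponentiation shown here.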
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